TELEX: Putin’s hacks can also see the secrets of the Hungarian foreign ministry, the Orbán government has been unable to fend them off for years
TELEX: Putin’s hacks can also see the secrets of the Hungarian foreign ministry, the Orbán government has been unable to fend them off for years
2 comments
Translation
On 30 December 2021, in Moscow, Russian Foreign Minister Sergey Lavrov pinned the Medal of Friendship on the suit of his Hungarian counterpart Péter Szijjártó. Although the medal was presented by Lavrov, it was Russian President Vladimir Putin himself who decided to award it. Not coincidentally, the medal, which is in the form of a wreath of olive branches encircling a globe with the Cyrillic inscription “Peace and Friendship” on the reverse, is the highest Russian state decoration that can be awarded to a foreigner.
“I am proud that, despite the extremely unfavourable global and regional developments of recent years, while respecting our alliance obligations, we have been able to maintain our cooperation with Moscow based on mutual trust and in line with our national interests,” the Hungarian Foreign Minister boasted on his Facebook page.
Péter Szijjártó knew long ago that Russia’s secret services had attacked and hacked into the IT systems of the Ministry of Foreign Affairs and Trade (MFA), which he headed. By the second half of 2021, it had already become clear that the Russians had completely compromised the Foreign Ministry’s computer network and internal correspondence, and had also hacked into the encrypted network used to transmit “restricted” and “confidential” state and diplomatic information, which can only be used under strict security conditions.
According to an internal document in our possession, the State Department was still subject to targeted attacks in January 2022. Details of the Russian hacking of the State Department’s communication channels were shared with us by former state officials who learned of the incident from officials with direct knowledge of it.
According to former intelligence officers, the cyber-attacks suggest that Russian intelligence hacking groups are clearly behind the operations against Hungary’s foreign ministry. These hackers work for the Federal Security Service, FSB, which was also previously controlled by Putin, and for the Russian military intelligence service, the GRU. According to the sources, they have long been well known to the Hungarian state authorities, as they have been continuously attacking government networks for at least a decade. Russian domestic attacks are mostly linked to hacks against other NATO countries, and members of the Western alliance regularly cooperate and share information to identify the attacks.
By hacking foreign networks, Hungarian diplomacy has effectively become an open book for Moscow. The Russians can know in advance what the Hungarian foreign ministry is thinking and planning, and this is happening at a very sensitive time. Russian infiltration remained active before and partly after the invasion of Ukraine, during the current EU and NATO crisis talks. Meanwhile, there is no sign that the Hungarian government has publicly protested to Russia about the invasion.
Direkt36 has reconstructed the Russian intelligence operation against the Hungarian foreign service, its antecedents going back at least a decade, and the inadequacy of the counter-intelligence measures, with the help of foreign service documents and more than thirty background interviews. For example, we also spoke to former Hungarian intelligence officers who had worked with Russian intelligence and had concrete information on many of the cases described in this article. Sources familiar with the internal affairs of the Ministry of Foreign Affairs shared information about the ministry’s handling of the cyberattack.
We sent detailed questions to the CCM, the Ministry of Interior – which is primarily responsible for cyber defence and counter-intelligence – and the Prime Minister’s Office about all the main allegations in this article last week. We have not yet received any response.
Foreign Office staff were not told that their computers were already infected
Since autumn 2021, previously unusual circulars have appeared on internal mailing lists at the Ministry of Foreign Affairs and Trade. While ministry staff had previously received such cybersecurity-related emails only occasionally, from last year they were sent to ministry staff on a few weekly basis.
According to a Foreign Ministry circular obtained by Direkt36, it was announced on 11 November 2021 that “the Ministry of Foreign Affairs’ Cyber Security Project is being developed to strengthen the Ministry’s IT and cyber security”. As a first step, a central email address has been given to which foreign ministry officials are invited to “report cybersecurity-related (e.g. phishing email, DDOS attack, ransomware virus attack, password leak, data leak)”.
Before Christmas, the ministry had already issued an instruction to the diplomatic missions tightening the use of mobile phones for official work, and on 7 January 2022, the cyber protection officer scolded staff for not complying with it. “The technical investigations carried out to increase the information and cyber security of the CCM have shown that the CCM’s official correspondence is not carried out exclusively using the types of devices and programs authorised for this purpose,” according to an internal letter from the ministry obtained by Direkt36.
The letters have led to growing suspicions in the Foreign Ministry that the problem could be quite serious. One source familiar with the ministry’s internal affairs thought at the time that the Chinese might have hacked the foreign ministry’s system. One of the ministry’s circulars hints at this: ‘Measurable amounts of devices are in use that have been proven to communicate personal data to China in a covert manner. These include (but are not limited to) Huawei (ZTE), Honor, Xiaomi, Wiko, OnePlus, among others”.
his remark is not only remarkable because it highlights the serious vulnerability of government communication. The letter is also interesting because it shows that the government is aware of the security risk posed by Chinese devices, while denying for years that this is a problem, and is one of the biggest supporters of the use of Chinese telecommunications devices in Europe. Szijjártó, for example, has repeatedly stood up for Huawei and claimed that the Chinese company’s devices do not pose any risk.
Other vulnerabilities are also reported in the State Department circulars. According to one, an internal investigation has also revealed that many people prefer to use the US mail client BlueMail, which is also dangerous. According to the cyber defence officer, BlueMail “openly stores passwords entered; has many programming flaws that can be easily exploited in an attack; constantly sends mobile device data to three different servers”.
(Translated using DeepL)
Trojan horse. Right in the midst of us. Enabled by Poland.
What, and I mean this from the bottom of my heart, what has Hungary ever done to help us?
When, *when*, is the EU finally going to see that these countries are not our friends?
When, EU?
When?